Skip to content

Hide Navigation Hide TOC

Shell Metacharacter Injection in Tool Arguments - ATR-2026-00111 (51876ab5-65e2-591e-810d-a71d2c7ec204)

Detects shell metacharacter injection patterns in tool arguments or agent-generated commands. Attackers embed backtick execution, $() subshells, semicolons, pipes, or logical operators to chain malicious commands onto otherwise safe tool invocations. Null byte and newline injection are also covered as they can truncate or split commands in vulnerable parsers.

Cluster A Galaxy A Cluster B Galaxy B Level
Shell Metacharacter Injection in Tool Arguments - ATR-2026-00111 (51876ab5-65e2-591e-810d-a71d2c7ec204) Agent Threat Rules Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern 1
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern 2